House bill seeking government P2P ban gets boost
Tiversa gives House committee 200 new examples of P2P leaks of U.S. secret data
Computerworld - Security firm Tiversa Inc. has provided the House Oversight and Government Reform Committee with more reasons to ban the use of peer-to-peer networks in government -- it recently accessed some 200 sensitive military documents via P2P technology.
The documents include personal data on U.S. troops based overseas, details on sensitive military projects and defense contracts and documents that violate International Traffic in Arms Regulations (ITAR) rules, according to a Tiversa executive. One document contained personal data on dozens of soldiers from the Third Special Forces Group based out of Fort Bragg, N.C., and included the names and ages of their spouses and children.
The House committee had asked Tiversa to try to access such data and submit the results of its efforts as evidence that could be used in the committee's debate on a proposed bill that would ban the use of P2P technology on government networks. The request stemmed from a House hearing in July during which Tiversa had disclosed that it found details on safe house locations for the family of President Barack Obama, presidential motorcade routes and other sensitive data on a government P2P network. That followed Tiversa's disclosure that it had unearthed details about the president's helicopter, Marine One, on a server located in Iran. Those details were apparently inadvertently leaked to the Iranian system from a P2P network.
"In an effort to understand the magnitude of P2P risks, and draft appropriate legislation, the committee asked us to provide additional examples following the hearing in July," said Scott Harrer, brand director at Cranberry Township, Pa.-based Tiversa. Over the past month, the company submitted more than 200 additional examples of P2P network data that it has accessed, Harrer said.
Most of the documents found by Tiversa were marked "secret" and appear to include information from all branches of the military, Harrer said. The company has reported on its findings to the Naval Criminal Investigative Service, the Army Criminal Investigation Command and the Air Force Office of Special Investigations, he added. "We have recently seen these files being downloaded in foreign countries, including China and Pakistan," Harrer said. "We have also seen user-issued searches for this type of sensitive data emanating from outside the U.S., so people are in fact actively looking for it."
Tiversa's latest disclosures will likely add to growing concerns about the security of P2P networks.
Numerous others have highlighted similar data leaks as well. In January, Eric Johnson, a professor of operations management at Dartmouth College's Tuck School of Business disclosed that he had found numerous health care documents on P2P networks. For example, Johnson said he found a 1,718-page document containing Social Security numbers, dates of birth, insurance information, treatment codes and other health care data belonging to about 9,000 patients at a medical testing laboratory.
Such leaks typically occur when a user installs a P2P client such as Kazaa, LimeWire, BearShare, Morpheus or FastTrack on a computer for the purpose of sharing songs and other types of files with fellow network users. In many cases, the software is not installed properly and ends up exposing not just the files that the user wants to share, but also every other file on his computer.
A bill that would make it illegal for P2P developers to make software that causes files to be inadvertently shared over a P2P network without a user's knowledge was passed by the House Energy and Commerce Committee last week. The so-called Informed P2P User Act would also require developers to clearly inform users about files that are being made available for searching and sharing, and it would mandate that a user agree to the file-sharing first.
Read more about Government IT in Computerworld's Government IT Topic Center.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you like your iPhone, you can keep your iPhone. Period.
President Obama has revealed that he's not permitted to carry an iPhone. It's too insecure for the job, he says. Instead, he's stuck with a BlackBerry. Well, someone's got to have one still. However, it turns out that the Pentagon has also outlawed non-BlackBerry smartphones. In IT Blogwatch, bloggers joke that 2006 called and they want their smartphones back.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
- BYOD Invasion: A Computerworld Report on the Consumerization of IT
- We profile three companies that aren't just coping, but learning valuable lessons. If, like them, you're thinking about mobile device management our definitive... All Government IT White Papers
- Video: 5 Secrets To Scaling Enterprise Apps Watch this video to learn how to successfully scale enterprise apps>>
- Collaboration 2013: Where Mobility Meets Connectivity Mobility and collaboration are quickly converging and users are demanding more capabilities. It's no longer enough to enable file sharing. This Webcast dives...
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- The Power of the Citrix Mobility Solution, XenMobile Does everything become a smartphone? Or does the smartphone begin to do everything? How can we afford to support BYOD? Rather, how can...
- BYOD Happens: How to Secure Mobility How to navigate the journey of securing mobility, including the BYOD corruption of IT, the top ten mobility strategies, and the mobility management...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.